CVE Lookup
CVSS score, CISA KEV status, weaknesses, and references — straight from NVD, nothing added.
How it works
The ID is queried against the National Vulnerability Database 2.0 API and shown as-is: the highest-version CVSS metric available, the CISA Known Exploited Vulnerabilities entry when one exists, CWE weakness classifications, and primary references. Results are cached for 24 hours; nothing is editorialized or invented.
FAQ
What does a KEV entry mean?
CISA has confirmed the vulnerability is actively exploited in the wild. KEV listing plus a due date outranks a raw CVSS number for patch prioritization — a 7.8 in KEV usually matters more than a 9.8 that isn't.
Why does a brand-new CVE show no score?
NVD analysis lags disclosure — new CVEs sit "Awaiting Analysis" with no CVSS for days or weeks. The tool shows exactly what NVD has; check vendor advisories in the references meanwhile.
From the channel
BlueHammer: Windows Defender CVE-2026-33825 exploited for privilege escalation
Watch on The Exploit HQ — cyber threat intel in 60 seconds ▸